[TriLUG] Building a load balanced web cluster

Jon Carnes jonc at haht.com
Tue Sep 18 00:44:42 EDT 2001


I just finished building my second load balanced web-cluster using the LVS
project.  This stuff works great and is extremely impressive!
For the price of a decent machine, anyone can now have built-in redundancy
and load-balancing for any of their common services: web, mail, ftp, etc.

I used VA Linux 6.2.4 as the server setup (with a 2.2.18 kernel).  It comes
ready to roll with the LVS.

# === Notes on VS cluster setup ===
# these are the commands used to set up the virtual server for QA:
#

# First the ipchains rules:
ipchains -P forward DENY
ipchains -A forward -i eth0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward

# 1) set the policy to deny any forwarding,
# 2) allow forwarding traffic to the external interface
#   (eth0 in this case) and masquerade the traffic,
# 3) turn on ip packet forwarding in the kernel.

# ======

# load any VS modules you will need
insmod ip_vs_rr

# Now for the VS commands:
ipvsadm -A -t 216.54.16.11:80 -s rr
ipvsadm -a -t 216.54.16.11:80 -r 10.1.71.14 -m
ipvsadm -a -t 216.54.16.11:80 -r 10.1.71.10 -m

# 1) create the entry in the table to forward (ip address and port)
#   216.54.16.11 port 80, forward using "round robin"
# 2) and 3) add two internal machines to forward to.


# Test the install by listing rule set:

ipvsadm -Ln

# IP Virtual Server version 1.0.2 (size=4096)
# Prot LocalAddress:Port Scheduler Flags
#   -> RemoteAddress:Port          Forward Weight ActiveConn InActConn
# TCP  216.54.16.11:80 rr
#   -> 10.1.71.10:80               Masq    1      0          0
#   -> 10.1.71.14:80               Masq    1      0          0

# ======

# Prepare the two internal machines by changing their gateway settings.
# The director of the cluster (the machine with the external ip address
#   of 216.54.16.11) has the internal ip address of 10.1.1.23.
# Set the two internal machines to use this server as their gateway.
#
#   gateway = 10.1.1.23

=== end of notes ===

Now any web calls to 216.54.16.11 (this is only an example -- not a real
address) will be forwarded internally to my DMZ and handed off to one of two
machines.  I can easily add a machine:
  ipvsadm -a -t 216.54.16.11:80 -r New.Machine -m

or remove machines from the cluster:
  ipvsadm -d -t 216.54.16.11:80 -r 10.1.71.14

If I use this in conjunction with Netsaint, I can automagically remove a
failing machine from my cluster, and send out an alarm.  Later, I can add it
right back in.

HtH - Jon
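
Added example, not part of the original post or of the LVS or Netsaint projects: one health-check pass that does what the Netsaint idea above describes, pulling a failing real server out of the virtual service with ipvsadm and putting it back once it recovers. The VIP and real-server addresses are the post's example values. THRESHOLD, STATE_DIR, the curl probe, the logger alert and the rule that the last active server is never removed are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): one health-check pass for the
# LVS-NAT service above. VIP and real-server addresses are the post's example
# values; THRESHOLD, STATE_DIR and the curl probe are assumptions.
VIP="216.54.16.11:80"
REALS="10.1.71.10 10.1.71.14"
THRESHOLD=3                                  # consecutive failures before removal
IPVSADM="${IPVSADM:-ipvsadm}"                # set IPVSADM=echo for a dry run
STATE_DIR="${STATE_DIR:-/var/run/lvs-check}"

# probe HOST: succeed only if the real server answers HTTP with a non-error status.
probe() {
    curl -fsS -o /dev/null --max-time 3 "http://$1/" 2>/dev/null
}

# active_count: number of real servers not currently marked down.
active_count() {
    n=0
    for r in $REALS; do
        [ -e "$STATE_DIR/$r.down" ] || n=$((n + 1))
    done
    echo "$n"
}

# check_once: probe every real server, pull out ones that failed THRESHOLD
# times in a row, put recovered ones back. Never removes the last active
# server, so a broken probe cannot empty the pool.
check_once() {
    mkdir -p "$STATE_DIR" || return 1
    for real in $REALS; do
        fails_file="$STATE_DIR/$real.fails"
        down_file="$STATE_DIR/$real.down"
        if probe "$real"; then
            rm -f "$fails_file"
            if [ -e "$down_file" ]; then
                $IPVSADM -a -t "$VIP" -r "$real" -m && rm -f "$down_file"
                logger -t lvs-check "re-added $real to $VIP" 2>/dev/null || true
            fi
            continue
        fi
        fails=$(( $(cat "$fails_file" 2>/dev/null || echo 0) + 1 ))
        echo "$fails" > "$fails_file"
        [ -e "$down_file" ] && continue
        if [ "$fails" -ge "$THRESHOLD" ] && [ "$(active_count)" -gt 1 ]; then
            $IPVSADM -d -t "$VIP" -r "$real" && : > "$down_file"
            logger -t lvs-check "removed $real from $VIP after $fails failures" 2>/dev/null || true
        fi
    done
}
```

Source the file and call check_once from cron or a monitoring hook on the director; the failure counters and down markers persist in STATE_DIR between runs.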



